We’ll combine a couple of medical data thefts for this week’s Rip of the Week.

First, the San Francisco Business Times reports that UC San Francisco reported a laptop theft that occurred on our about November 30, breaching 4,400 patients of the UCSF School of Medicine. The data included names, medical record numbers, age and clinical information, but not Social Security Numbers.

And, all to commonly, the data records were not encrypted.

The article also refers to tougher federal regulations and penalties that could be involved, including up to $1.5 million in fines for privacy violations–all the more reason to take proper precautions before it’s too late. Thanks to kirniki for the tip.

In the second case, our headliner for the week, ABC 13 reports that Methodist Hospital in Houston had a breach when a thief stole a laptop attached to a medical device that tests pulmonary function. The laptop contained private health information and Social Security Numbers for for 689 people and, again, was not encrypted or, apparently, otherwise protected. Thanks again to kirniki for the tip.

Says the hospital: “We are truly sorry if we have caused any stress or problems for the patients affected by this. We have offered them one year free subscription for credit monitoring and identity theft protection.”

Such a breach does indeed put the victims–those of us with data that was compromised due to no fault of our own–in a tough spot. It places burden and stress. Just read the comments of readers on the article itself, for some stark examples. Credit monitoring and ID Theft Protection can help to at least detect problems early, but it’s much better to mitigate problems before they occur, which is why we continue to trumpet that call: buckle that safety belt before driving down the road.